Lawyer Who Gave President Bush Legal Cover For Warrantless Wiretapping Now Claims We'll Come To Love An Intrusive NSA

from the because-he's-clueless dept

Late last week, an incredibly dishonest piece was published in The New Republic by Jack Goldsmith arguing not just that we "need" an "invasive NSA," but further, that we'll all come to love and appreciate the NSA snooping on all of our electronic communications (including snooping through the "contents" rather than just metadata). Why? Because of that old bogeyman "hackers"! We'll dig through the blatant cluelessness of the piece in a moment, but just to set the context, it's important to note that Goldsmith, back when he was a lawyer in the George W. Bush White House, wrote the memo that gave legal cover for Bush's warrantless wiretapping efforts. The legal argument was ridiculous: it was, more or less, "if the President does it, it's okay, because he's like powerful and stuff."

We conclude that in the circumstances of the current armed conflict with al Qaeda, the restrictions set out in FISA, as applied to targeted efforts to intercept the communications of the enemy in order to prevent further armed attacks on the United States, would be an unconstitutional infringement on the constitutionally assigned powers of the President. The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States. Congress does not have the power to restrict the President’s exercise of that authority.

Got that? It's not the 4th Amendment he was worried about infringing on, but rather the "assigned powers of the President," which he argued included ignoring the 4th Amendment's requirement for a warrant before wiretapping. Anyway, so that gives you some sense of the kind of person writing this defense of an intrusive NSA. He believes that if the President is doing it for a good reason (as, apparently, decided by the President), then it's perfectly legal, because separation of powers is another concept that can be ignored.

Okay, back to his present... screed. The key argument here seems to be to puff up cybersecurity FUD as much as possible to argue that it won't be long until we're all begging the NSA to spy on us to stop hackers from defacing websites. His big "example" of this is the recent hacking of the NY Times' website by the Syrian Electronic Army. That story got a bit of attention for about two days, and then fell off the map -- which is precisely why Goldsmith is wrong. For all the FUD NSA supporters and big defense contractors keep claiming over cybersecurity, they seem to be unable to get past the fact that when someone hacks a website and defaces it, while it may be a nuisance, no one dies. Yes, they like to talk up how many cybersecurity attacks there are going on these days, but they won't discuss the fact that in all of them exactly zero people have died.

The story of the NY Times hacking disappeared almost as quickly as it happened, because the consequences weren't particularly large or important. Yet, Goldsmith is arguing, effectively, that the NSA needs access to all networks in order to prevent the SEA from hacking the NYT again.

The U.S. government can fully monitor air, space, and sea for potential attacks from abroad. But it has limited access to the channels of cyber-attack and cyber-theft, because they are owned by private telecommunication firms, and because Congress strictly limits government access to private communications. “I can’t defend the country until I’m into all the networks,” General Alexander reportedly told senior government officials a few months ago.

For Alexander, being in the network means having government computers scan the content and metadata of Internet communications in the United States and store some of these communications for extended periods. Such access, he thinks, will give the government a fighting chance to find the needle of known malware in the haystack of communications so that it can block or degrade the attack or exploitation. It will also allow it to discern patterns of malicious activity in the swarm of communications, even when it doesn’t possess the malware’s signature. And it will better enable the government to trace back an attack’s trajectory so that it can discover the identity and geographical origin of the threat.

This makes two big assumptions -- one of which is false and the other of which is misleading. The first is that the NSA could or would actually successfully stop such a hack. This is false. Just like the NSA was unable to actually predict the Boston Marathon bombings, the idea that it could somehow catch a simple phishing trick is laughable. Goldsmith goes on at length about "malware" -- which he seems to grant mystical powers to -- but ignores that the reason the NYT's website got hacked was because of social engineering (via someone phishing an employee at a domain registrar), not malware. The NSA isn't going to catch that.

Secondly, there's the assumption that the NSA will actually "block or degrade the attack or exploitation." This appears to ignore pretty much everything that's come out about the NSA's activities lately, including its regular buying of exploits, placing backdoors in products and security standards, and its general focus on using such things offensively rather than defensively.

Goldsmith just keeps repeating these silly claims with ever grander claims over and over in the piece, as if he repeats it enough, perhaps someone will believe it. Frankly, Goldsmith comes off as an authoritarian-loving lawyer who is almost entirely technologically illiterate. He seems over-awed by the technology and thus insists that (1) the NSA needs to spy on everything to "protect" us and (2) that the government somehow will actually be the best party to protect insecure systems (totally ignoring the fact that the same government actively weakened those same technologies). For example, he goes back to the claim that some computer vandalism will make people open their arms to a spying NSA:

The first is that the cybersecurity threat is more pervasive and severe than the terrorism threat and is somewhat easier to see. If the Times’ website goes down a few more times and for longer periods, and if the next penetration of its computer systems causes large intellectual property losses or a compromise in its reporting, even the editorial page would rethink the proper balance of privacy and security. The point generalizes: As cyber-theft and cyber-attacks continue to spread (and they will), and especially when they result in a catastrophic disaster (like a banking compromise that destroys market confidence, or a successful attack on an electrical grid), the public will demand government action to remedy the problem and will adjust its tolerance for intrusive government measures.

Except, again, there's little indication that any such attack would shatter people's trust in the market. This seems to presuppose an incredibly stupid populace, not one that can process basic information like "this website was hacked, and it may be inconvenient, but we'll get over it." Ditto the bogeyman of "hacking the electric grid." The NSA has talked up this "electric grid" threat for years and it's bogus. Actual experts have (literally) called such claims "a bunch of hooey." And even if hackers could take down an electric grid for some period of time, we have at least some sense of what will happen, thanks to the Northeast blackout of 2003, which took down a massive section of power in the northeast and midwest. And this was soon after 9/11, so people were especially sensitive to threats of terrorism... and they didn't freak out or destroy society. They waited for things to get sorted out, and people moved on with life. No biggie.

So the whole claim that "the cybersecurity threat is more pervasive and severe than the terrorism threat" is ridiculous.

Goldsmith may want to support his beloved surveillance state, which he personally helped expand a decade ago, but fear mongering is no way to make a compelling argument -- especially when it appears so clueless about the basics of technology and the threats out there.

And even if hackers could take down an electric grid for some period of time, we have at least some sense of what will happen, thanks to the Northeast blackout of 2003, which took down a massive section of power in the northeast and midwest.

There was also the storm back in summer of 2012 that left large chunks of the D.C. region without power for a substantial chunk of a week. It was annoying, but people just waited for the power companies to restore power.

Which is pretty much how power outages go in general. They're common enough that people know how to deal with them, and while lengthy ones are annoying, that's pretty much the extent of it. It's difficult to imagine hackers bringing down enough of the power grid to cause substantially more damage than a particularly bad storm.

Re: Learn to love the NSA

I get "Doctor strange love" and "we need a strong man" from the story.

Fascism and "the mad lone terrorist" are very disturbing to see appreciated to such a degree as from sir Goldsmith in this instance!

Hopefully it is satire. I dont believe people can genuinely be diluted enough to see the fourth amendment as anti-americanism and FISA as unconstitutional on ground of being a limiting power for the president.

Well, you're not the audience.

But manifestly a large portion of the populace fell for the imperialist militaristic "father state" jingoism while reviling the "nanny state" as "socialism". Else Limbaugh, Hannity, O'Reilly, Coulter and all of FOX "news" wouldn't have an audience. Heck, I don't even call 'em "dishonest" because they actually believe the pseudo-religious fascist surveillance state is necessary to survive against the supposedly rabid Mohammedist hordes. It's amazing, but there they are.

As for rest: but banking could easily be taken off line and the country would grind to a halt. Or did you miss the EBT outage this weekend? Looks to me like a test of succh control. (Two purposes were served: the poor are enraged against "Republicans" who shut down the gov't, while "conservatives" are amused at that because consider the poor on food stamps all "freeloaders" and it's high time to make them grovel. Meanwhile, both groups miss The Rich who are actually running the country AND the real freeloaders.)

But it hurts someone's wallet

Well it may be technically true that no one has died (yet) from defacing a corporate web site, the author of this unprovoked and simplistic attack piece forgets one import thing. There is something on the line here far more important than mere life. Someone lost *money* because of those nasty, smelly, hippy hackers. It is quite easy for the author to overlook this when it is someone else's share holders at risk.

Nice when shills self-identify

What if he's right?

If all his scaremongering comes to pass, my reaction would certainly not be to embrace further intrusion by the NSA or anyone else. It would be to raise holy hell about companies and agencies placing critical systems on the internet at all.

The way it's supposed to work is this: critical systems are not on the internet. For example, systems that allow access to data such as the NYT website, are not actually reaching into the company's working database. It's using a copy devoted to the public-facing access. The idea is that even if the public-facing system is 100% compromised and destroyed, nothing of real importance has been lost as there is no way to get to internal systems from the public-facing ones, and all that was there was a copy of the data being offered up.

This has all been established best practice for longer than the internet itself has been open to the public. If a company or agency is failing to adhere to best practices, the solution isn't further encroachment on everyone's privacy, but to punish the company or agency for their idiotic practices.

Re:

If the Times’ website goes down a few more times and for longer periods, and if the next penetration of its computer systems causes large intellectual property losses or a compromise in its reporting, even the editorial page would rethink the proper balance of privacy and security

So we start this statement with not one, but two big "if's" and then move onto an "or" - making it a somewhat useless statement to begin with.

But no! Ite gets worse!

We then move on to the editorial staff at the NYT re-thinking their proper balance of privacy and security. I have spent years reading the times and I'm not convinved the editorial staff has ever really done much thinking in the first place.

The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States.

Re:

I'd be a bit more concerned about the "enemy forces" label than the "foreign affairs" label. Additionally, this label is being applied to our allies' citizens as well. Something tells me it isn't really a good idea from a diplomatic standpoint to be identifying foreign non-combatants as "enemy forces."

Intellectual theft of the cyber war meme

What stands out to me is his conflation of IP "theft" with national security.

The national hero Keith Alexander and his brave troops at Cyber Command are working valiantly to protect America's nuclear missiles, air traffic control systems, critical infrastructure and Miley Cyrus songs from Cyber Attack by terrorists, rogue states and copyright infringers.

Full Frontal

::waves watch::

You WILL love the NSA. You WILL love the NSA. You HATE your privacy. Privacy leads to EVIL. You WILL love the NSA. You will LOVE the NSA. You no longer need your parents. You only need a nanny state. We are your parents now. We are your parents now.

Now lay back, this will only hurt a bit, and the frontal lobe of your brain is vestigial in 2013 anyway...

"If the president does it, it's ok..."

This is really making me angry again at my parents generation for not impeaching and prosecuting to the full extent of the law that asshole Nixon for breaking the law while in office because "When the president of the united states does it, it's not illegal!"

FUCK THAT! It should be twice as illegal for a person of such power to break the law, and should be punished by a factor of 10 for the disgusting impact on the whole world. Bush, Obama, shit, maybe even Clinton, and almost certainly, unless they put an immediate end to these illegal programs upon taking office, even the next president should be put on trial, and sent to federal "pound-me-in-the-ass" prison.

Love the NSA or else!

I don't read all of the comments here, so forgive me if this thought isn't original:

They say...If you don't love the NSA and approve of its actions, then the terrorists have won.

I say...You're right - the terrorists won when the US government decided that it needed to protect itself *from us*, rather than protect us. It has apparently decided that any/all of us may be linked to a terrorist via our electronic footprints.

Mike - Jack Goldsmith was never a lawyer in the George W. Bush (or any other) White House. It would take you all of 30 seconds of Googling to figure that out. You seem to hold others to very high standards of accuracy. Why not apply something similar to your own writing? Should we assume your other assertions are equally inaccurate?

Re:

Here's what I found out in my Googling:

"He was a law professor at the University of Chicago when in 2002, he joined the Bush administration as legal adviser to the General Counsel of the Department of Defense. In October 2003 he was appointed as an United States Assistant Attorney General, leading the Office of Legal Counsel in the Department of Justice under Attorney General John Ashcroft and Deputy Attorney General James Comey."

So, you're technically right. Not a lawyer in "the white house" but certainly a lawyer in the administration. However, "the white house" is commonly used as a synonym for "the administration". In that light, your scolding is a bit disingenuous and petty.

Cartman: ["I've done it. I've infiltrated the NSA, and gained their trust." A shot of Alec Baldwin and his date at a buffet restaurant. The camera pans across until it reachs the couple. Alec tries to hold his fork properly, but fails each time. "So far, I've not ascertained how they were able to keep track of everyone in the country, but I'm close. Very close. I just hope that I'm not found out as a whistleblower before I'm able to expose their entire operation."]